Posted to users@kafka.apache.org by Somasuntaram <so...@kloudone.com> on 2021/10/11 09:31:02 UTC

Apache Kafka SSL Security

Hi,

I have been trying to enable Kafka security SSL authentication using
certificates and encryption, but I am getting errors when I try to create a
topic, and Kafka status fails whereas ZooKeeper is running fine.

Note: The screenshot of the error I get when I try to create a topic is
attached below.

These are the commands I tried, and I have also attached the
server.properties configuration file for your reference.

Generate the key into a temporary keystore initially:
      keytool -keystore kafka.server.keystore.jks -alias localhost -validity 365 -genkey
Generate CA:
      openssl req -new -x509 -keyout ca-key -out ca-cert -days 365
Add the generated CA to the clients’ truststore:
      keytool -keystore kafka.client.truststore.jks -alias CARoot -import -file ca-cert
Export the certificate from the keystore:
      keytool -keystore kafka.server.keystore.jks -alias localhost -certreq -file cert-file
Sign it with the CA:
      openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:windows
Import the certificate of the CA into the keystore:
      keytool -keystore kafka.server.keystore.jks -alias CARoot -import -file ca-cert
Import the signed certificate into the keystore:
      keytool -keystore kafka.server.keystore.jks -alias localhost -import -file cert-signed

Note: The SSL certificates are in the SSL folder inside the Kafka directory
itself.

Please help in solving this issue.
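
As an added example (not part of the original post or of Kafka's own tooling), the script below checks the two files the signing steps above produce, ca-cert and cert-signed, before they are imported into the keystore: that the signed certificate verifies against the CA and is not about to expire. The function names and the throwaway demo PKI are assumptions made for illustration; with no arguments the script runs against constructed test data.

```shell
#!/bin/sh
# Added example, not from the original post. File names ca-cert and cert-signed
# follow the post; the function names and demo data are hypothetical.

# Succeeds only if certificate $2 verifies against CA certificate $1.
check_chain() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Succeeds only if certificate $1 is still valid $2 seconds from now.
valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Constructed sample input: a throwaway CA plus one certificate signed by it,
# written to directory $1. Keys are unencrypted because they are test data.
make_demo_pki() {
    openssl req -new -x509 -nodes -newkey rsa:2048 -subj "/CN=Demo CA" \
        -keyout "$1/ca-key" -out "$1/ca-cert" -days 365 2>/dev/null &&
    openssl req -new -nodes -newkey rsa:2048 -subj "/CN=localhost" \
        -keyout "$1/server-key" -out "$1/cert-file" 2>/dev/null &&
    openssl x509 -req -CA "$1/ca-cert" -CAkey "$1/ca-key" -in "$1/cert-file" \
        -out "$1/cert-signed" -days 365 -CAcreateserial 2>/dev/null
}

# Reports on one CA/certificate pair; returns non-zero if any check fails.
report() {
    if ! check_chain "$1" "$2"; then
        echo "FAIL: $2 was not signed by $1"; return 1
    fi
    if ! valid_for "$2" 86400; then
        echo "FAIL: $2 expires within a day"; return 1
    fi
    echo "OK: $2 chains to $1"
}

if [ "$#" -eq 2 ]; then
    report "$1" "$2"          # e.g. ./check.sh ca-cert cert-signed
else
    demo=$(mktemp -d) && make_demo_pki "$demo" && report "$demo/ca-cert" "$demo/cert-signed"
    rm -rf "$demo"
fi
```

A failure from check_chain means the truststore built from ca-cert would not trust the certificate in the server keystore, so clients holding that truststore would reject the broker's TLS handshake.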